US20230155990A1 - Message encryption method and electronic device - Google Patents

Message encryption method and electronic device Download PDF

Info

Publication number
US20230155990A1
US20230155990A1 US18/149,460 US202318149460A US2023155990A1 US 20230155990 A1 US20230155990 A1 US 20230155990A1 US 202318149460 A US202318149460 A US 202318149460A US 2023155990 A1 US2023155990 A1 US 2023155990A1
Authority
US
United States
Prior art keywords
electronic device
message
security information
server
disclosure
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
US18/149,460
Other languages
English (en)
Inventor
Dohoon Kim
Sewon PARK
Jookyoung PARK
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Samsung Electronics Co Ltd
Original Assignee
Samsung Electronics Co Ltd
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Samsung Electronics Co Ltd filed Critical Samsung Electronics Co Ltd
Assigned to SAMSUNG ELECTRONICS CO., LTD. reassignment SAMSUNG ELECTRONICS CO., LTD. ASSIGNMENT OF ASSIGNORS INTEREST (SEE DOCUMENT FOR DETAILS). Assignors: KIM, DOHOON, PARK, Jookyoung, Park, Sewon
Publication of US20230155990A1 publication Critical patent/US20230155990A1/en
Pending legal-status Critical Current

Links

Images

Classifications

    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/06Network architectures or network communication protocols for network security for supporting key management in a packet data network
    • H04L63/065Network architectures or network communication protocols for network security for supporting key management in a packet data network for group communications
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L5/00Arrangements affording multiple use of the transmission path
    • H04L5/003Arrangements for allocating sub-channels of the transmission path
    • H04L5/0053Allocation of signaling, i.e. of overhead other than pilot signals
    • H04L5/0055Physical resource allocation for ACK/NACK
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L51/00User-to-user messaging in packet-switching networks, transmitted according to store-and-forward or real-time protocols, e.g. e-mail
    • H04L51/04Real-time or near real-time messaging, e.g. instant messaging [IM]
    • H04L51/043Real-time or near real-time messaging, e.g. instant messaging [IM] using or handling presence information
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0435Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply symmetric encryption, i.e. same key used for encryption and decryption
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L63/00Network architectures or network communication protocols for network security
    • H04L63/04Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks
    • H04L63/0428Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload
    • H04L63/0442Network architectures or network communication protocols for network security for providing a confidential data exchange among entities communicating through data packet networks wherein the data content is protected, e.g. by encrypting or encapsulating the payload wherein the sending and receiving network entities apply asymmetric encryption, i.e. different keys for encryption and decryption

Definitions

  • the disclosure relates to a method and an apparatus for encrypting a message. More particularly, the disclosure relates to a transmission device and a reception device transmitting and receiving messages mutually providing security information (for example, public keys) to use end-to-end encryption.
  • security information for example, public keys
  • electronic devices for example, electronic devices for communication
  • the electronic device may transmit and receive text messages for the purpose of communication with another electronic device.
  • the electronic devices may mutually exchange messages according to a communication protocol and/or a communication agreement.
  • a transmission device which transmits a message and a reception device which receives the message may use end-to-end encryption in order to enhance security of message transmission.
  • the end-to-end encryption may encrypt the message during a step in which the transmission device inputs the message and transmit the encrypted message to the reception device.
  • the reception device may decrypt the encrypted message received from the transmission device and identify the message.
  • the transmission device and the reception device which transmit and receive the message may use the end-to-end encryption based on security information (for example, a public key) for addressing the encryption.
  • a transmission device and a reception device transmitting and receiving messages may mutually provide security information (for example, public keys) to use end-to-end encryption.
  • the transmission device may generate a public key for encrypting a message and encrypt the message by using the public key.
  • the transmission device may transmit the encrypted message to the reception device through a message server, and the message server may store and manage the public key corresponding to the transmission device.
  • a separate message server for storing and managing security information (for example, public keys) for at least one electronic device may be needed.
  • the separate message server may need a separate processing process for acquiring public keys corresponding to the transmission device and the reception device.
  • a separate processing process for updating and managing the changed public keys may be required. Due to the separate processing process, a problem of deteriorating the message transmission and reception performance of the transmission device and the reception device may occur.
  • an aspect of the disclosure is to provide an electronic device for managing public key corresponding respective electronic devices (for example, the transmission device and the reception device) by using an rich communication service (RCS) server supporting rich communication service (RCS) and encrypting messages based on the public keys.
  • RCS rich communication service
  • RCS rich communication service
  • a message server includes a communication module configured to communicate with a first electronic device and a second electronic device, a memory configured to store security information related to at least one electronic device, and a server processor operatively connected to the communication module and the memory.
  • the server processor may be configured to acquire a first message encrypted based on first security information of the second electronic device from the first electronic device and transmit the first message to the second electronic device, acquire a decryption failure signal for the first message from the second electronic device and transmit the decryption failure signal to the first electronic device, acquire second security information of the second electronic device from the second electronic device and transmit the second security information to the first electronic device, receive a second message encrypted based on the second security information from the first electronic device, and transmit the received second message to the second electronic device.
  • a first electronic device in accordance with another aspect of the disclosure, includes a communication module configured to perform wireless communication with a message server and a second electronic device, a memory configured to store security information acquired from the message server, and at least one processor operatively connected to the communication module and the memory.
  • the at least one processor may be configured to encrypt a first message, based on first security information of the second electronic device for transmitting the first message, transmit the encrypted first message to the second electronic device through the message server, receive a decryption failure signal for the first message from the second electronic device through the message server, receive second security information corresponding to the second electronic device from the second electronic device, and encrypt a second message, based on the received second security information and transmit the second message to the second electronic device.
  • a method of encrypting a message through a message server includes acquiring a first message encrypted based on first security information of a second electronic device from a first electronic device and transmitting the first message to the second electronic device, acquiring a decryption failure signal for the first message from the second electronic device and transmitting the decryption failure signal to the first electronic device, acquiring second security information of the second electronic device from the second electronic device and transmitting the second security information to the first electronic device, receiving a second message encrypted based on the second security information from the first electronic device, and transmitting the received second message to the second electronic device.
  • An aspect of various embodiments of the disclosure is to not configure a separate server for storing security information, manage the security information through a message server, and encrypt the message when messages are transmitted and received between electronic devices.
  • the message server may support encryption of messages through an algorithm that stores and manages security information for electronic devices.
  • various effects directly or indirectly detected through the disclosure can be provided.
  • FIG. 1 is a block diagram illustrating an electronic device within a network environment according to an embodiment of the disclosure
  • FIG. 2 illustrates a process of transmitting and receiving messages through a message server according to an embodiment of the disclosure
  • FIG. 3 is a block diagram illustrating a first electronic device, a second electronic device, and a message server according to an embodiment of the disclosure
  • FIG. 4 is a flowchart illustrating a method by which a message server manages security information according to an embodiment of the disclosure
  • FIG. 5 is a timetable illustrating a process in which a message server manages security information according to an embodiment of the disclosure
  • FIG. 6 is a flowchart illustrating a method of processing an encrypted message when decryption of an encrypted message fails according to an embodiment of the disclosure
  • FIG. 7 is a timetable illustrating a process of processing an encrypted message when decryption of an encrypted message fails according to an embodiment of the disclosure
  • FIG. 8 is a timetable illustrating a process in which encryption information is inserted into a message and transmitted according to an embodiment of the disclosure.
  • FIG. 9 is a timetable illustrating a process in which a first electronic device opens a group chat room and a third electronic device participates in a group chat room according to an embodiment of the disclosure.
  • FIG. 1 illustrates an electronic device in a network environment according to an embodiment of the disclosure.
  • an electronic device 101 in a network environment 100 may communicate with an external electronic device 102 via a first network 198 (e.g., a short-range wireless communication network), or at least one of an external electronic device 104 or a server 108 via a second network 199 (e.g., a long-range wireless communication network).
  • the electronic device 101 may communicate with the external electronic device 104 via the server 108 .
  • the electronic device 101 includes a processor 120 , a memory 130 , an input module 150 , an audio output module 155 , a display module 160 , an audio module 170 , a sensor module 176 , an interface 177 , a connecting terminal 178 , a haptic module 179 , a camera module 180 , a power management module 188 , a battery 189 , a communication module 190 , a subscriber identity module (SIM) 196 , or an antenna module 197 .
  • at least one of the components e.g., the connecting terminal 178
  • some of the components e.g., the sensor module 176 , the camera module 180 , or the antenna module 197
  • the processor 120 may execute, for example, software (e.g., a program 140 ) to control at least one other component (e.g., a hardware or software component) of the electronic device 101 coupled with the processor 120 , and may perform various data processing or computation. As at least part of the data processing or computation, the processor 120 may store a command or data received from another component (e.g., the sensor module 176 or the communication module 190 ) in a volatile memory 132 , process the command or the data stored in the volatile memory 132 , and store resulting data in a non-volatile memory 134 .
  • software e.g., a program 140
  • the processor 120 may store a command or data received from another component (e.g., the sensor module 176 or the communication module 190 ) in a volatile memory 132 , process the command or the data stored in the volatile memory 132 , and store resulting data in a non-volatile memory 134 .
  • the processor 120 may include a main processor 121 (e.g., a central processing unit (CPU) or an application processor (AP)), or an auxiliary processor 123 (e.g., a graphics processing unit (GPU), a neural processing unit (NPU), an image signal processor (ISP), a sensor hub processor, or a communication processor (CP)) that is operable independently from, or in conjunction with, the main processor 121 .
  • a main processor 121 e.g., a central processing unit (CPU) or an application processor (AP)
  • auxiliary processor 123 e.g., a graphics processing unit (GPU), a neural processing unit (NPU), an image signal processor (ISP), a sensor hub processor, or a communication processor (CP)
  • the main processor 121 may be adapted to consume less power than the main processor 121 , or to be specific to a specified function.
  • the auxiliary processor 123 may be implemented as separate from, or as part of the main processor 121 .
  • the auxiliary processor 123 may control at least some of functions or states related to at least one component (e.g., the display module 160 , the sensor module 176 , or the communication module 190 ) among the components of the electronic device 101 , instead of the main processor 121 while the main processor 121 is in an inactive (e.g., a sleep) state, or together with the main processor 121 while the main processor 121 is in an active state (e.g., executing an application).
  • the auxiliary processor 123 e.g., an ISP or a CP
  • the auxiliary processor 123 may include a hardware structure specified for artificial intelligence model processing.
  • An artificial intelligence model may be generated by machine learning. Such learning may be performed, e.g., by the electronic device 101 where the artificial intelligence is performed or via a separate server (e.g., the server 108 ). Learning algorithms may include, but are not limited to, e.g., supervised learning, unsupervised learning, semi-supervised learning, or reinforcement learning.
  • the artificial intelligence model may include a plurality of artificial neural network layers.
  • the artificial neural network may be a deep neural network (DNN), a convolutional neural network (CNN), a recurrent neural network (RNN), a restricted boltzmann machine (RBM), a deep belief network (DBN), a bidirectional recurrent deep neural network (BRDNN), deep Q-network or a combination of two or more thereof but is not limited thereto.
  • the artificial intelligence model may, additionally or alternatively, include a software structure other than the hardware structure.
  • the memory 130 may store various data used by at least one component (e.g., the processor 120 or the sensor module 176 ) of the electronic device 101 .
  • the various data may include, for example, software (e.g., the program 140 ) and input data or output data for a command related thereto.
  • the memory 130 may include the volatile memory 132 or the non-volatile memory 134 .
  • the non-volatile memory 134 may include an internal memory 136 or an external memory 138 .
  • the program 140 may be stored in the memory 130 as software, and may include, for example, an operating system (OS) 142 , middleware 144 , or an application 146 .
  • OS operating system
  • middleware middleware
  • application application
  • the input module 150 may receive a command or data to be used by another component (e.g., the processor 120 ) of the electronic device 101 , from the outside (e.g., a user) of the electronic device 101 .
  • the input module 150 may include, for example, a microphone, a mouse, a keyboard, a key (e.g., a button), or a digital pen (e.g., a stylus pen).
  • the audio output module 155 may output sound signals to the outside of the electronic device 101 .
  • the audio output module 155 may include, for example, a speaker or a receiver.
  • the speaker may be used for general purposes, such as playing multimedia or playing record.
  • the receiver may be used for receiving incoming calls.
  • the receiver may be implemented as separate from, or as part of the speaker.
  • the display module 160 may visually provide information to the outside (e.g., a user) of the electronic device 101 .
  • the display module 160 may include, for example, a display, a hologram device, or a projector and control circuitry to control a corresponding one of the display, hologram device, and projector.
  • the display module 160 may include a touch sensor adapted to detect a touch, or a pressure sensor adapted to measure the intensity of force incurred by the touch.
  • the audio module 170 may convert a sound into an electrical signal and vice versa.
  • the audio module 170 may obtain the sound via the input module 150 , or output the sound via the audio output module 155 or a headphone of an external electronic device (e.g., the external electronic device 102 ) directly (e.g., wiredly) or wirelessly coupled with the electronic device 101 .
  • an external electronic device e.g., the external electronic device 102
  • directly e.g., wiredly
  • wirelessly e.g., wirelessly
  • the sensor module 176 may detect an operational state (e.g., power or temperature) of the electronic device 101 or an environmental state (e.g., a state of a user) external to the electronic device 101 , and then generate an electrical signal or data value corresponding to the detected state.
  • the sensor module 176 may include, for example, a gesture sensor, a gyro sensor, an atmospheric pressure sensor, a magnetic sensor, an acceleration sensor, a grip sensor, a proximity sensor, a color sensor, an infrared (IR) sensor, a biometric sensor, a temperature sensor, a humidity sensor, or an illuminance sensor.
  • the interface 177 may support one or more specified protocols to be used for the electronic device 101 to be coupled with the external electronic device (e.g., the external electronic device 102 ) directly (e.g., wiredly) or wirelessly.
  • the interface 177 may include, for example, a high definition multimedia interface (HDMI), a universal serial bus (USB) interface, a secure digital (SD) card interface, or an audio interface.
  • HDMI high definition multimedia interface
  • USB universal serial bus
  • SD secure digital
  • a connection terminal 178 may include a connector via which the electronic device 101 may be physically connected with the external electronic device (e.g., the external electronic device 102 ).
  • the connection terminal 178 may include, for example, a HDMI connector, a USB connector, a SD card connector, or an audio connector (e.g., a headphone connector).
  • the haptic module 179 may convert an electrical signal into a mechanical stimulus (e.g., a vibration or a movement) or electrical stimulus which may be recognized by a user via his tactile sensation or kinesthetic sensation.
  • the haptic module 179 may include, for example, a motor, a piezoelectric element, or an electric stimulator.
  • the camera module 180 may capture a still image or moving images.
  • the camera module 180 may include one or more lenses, image sensors, image signal processors, or flashes.
  • the power management module 188 may manage power supplied to the electronic device 101 .
  • the power management module 188 may be implemented as at least part of, for example, a power management integrated circuit (PMIC).
  • PMIC power management integrated circuit
  • the battery 189 may supply power to at least one component of the electronic device 101 .
  • the battery 189 may include, for example, a primary cell which is not rechargeable, a secondary cell which is rechargeable, or a fuel cell.
  • the communication module 190 may support establishing a direct (e.g., wired) communication channel or a wireless communication channel between the electronic device 101 and the external electronic device (e.g., the external electronic device 102 , the external electronic device 104 , or the server 108 ) and performing communication via the established communication channel.
  • the communication module 190 may include one or more communication processors that are operable independently from the processor 120 (e.g., the AP) and supports a direct (e.g., wired) communication or a wireless communication.
  • the communication module 190 may include a wireless communication module 192 (e.g., a cellular communication module, a short-range wireless communication module, or a global navigation satellite system (GNSS) communication module) or a wired communication module 194 (e.g., a local area network (LAN) communication module or a power line communication (PLC) module).
  • a wireless communication module 192 e.g., a cellular communication module, a short-range wireless communication module, or a global navigation satellite system (GNSS) communication module
  • GNSS global navigation satellite system
  • wired communication module 194 e.g., a local area network (LAN) communication module or a power line communication (PLC) module.
  • a corresponding one of these communication modules may communicate with the external electronic device via the first network 198 (e.g., a short-range communication network, such as BluetoothTM, wireless-fidelity (Wi-Fi) direct, or a standard of the Infrared Data Association (IrDA)) or the second network 199 (e.g., a long-range communication network, such as a legacy cellular network, a fifth generation (5G) network, a next-generation communication network, the Internet, or a computer network (e.g., LAN or wide area network (WAN)).
  • first network 198 e.g., a short-range communication network, such as BluetoothTM, wireless-fidelity (Wi-Fi) direct, or a standard of the Infrared Data Association (IrDA)
  • the second network 199 e.g., a long-range communication network, such as a legacy cellular network, a fifth generation (5G) network, a next-generation communication network, the Internet, or a computer network (e.g.,
  • the wireless communication module 192 may identify and authenticate the electronic device 101 in a communication network, such as the first network 198 or the second network 199 , using subscriber information (e.g., international mobile subscriber identity (IMSI)) stored in the SIM 196 .
  • subscriber information e.g., international mobile subscriber identity (IMSI)
  • IMSI international mobile subscriber identity
  • the wireless communication module 192 may support a 5G network, after a fourth generation (4G) network, and next-generation communication technology, e.g., new radio (NR) access technology.
  • the NR access technology may support enhanced mobile broadband (eMBB), massive machine type communications (mMTC), or ultra-reliable and low-latency communications (URLLC).
  • eMBB enhanced mobile broadband
  • mMTC massive machine type communications
  • URLLC ultra-reliable and low-latency communications
  • the wireless communication module 192 may support a high-frequency band (e.g., the millimeter wave (mmWave) band) to achieve, e.g., a high data transmission rate.
  • mmWave millimeter wave
  • the wireless communication module 192 may support various technologies for securing performance on a high-frequency band, such as, e.g., beamforming, massive multiple-input and multiple-output (massive MIMO), full dimensional MIMO (FD-MIMO), array antenna, analog beam-forming, or large scale antenna.
  • the wireless communication module 192 may support various requirements specified in the electronic device 101 , an external electronic device (e.g., the external electronic device 104 ), or a network system (e.g., the second network 199 ).
  • the wireless communication module 192 may support a peak data rate (e.g., 20 Gbps or more) for implementing eMBB, loss coverage (e.g., 164 dB or less) for implementing mMTC, or U-plane latency (e.g., 0.5 ms or less for each of downlink (DL) and uplink (UL), or a round trip of 1 ms or less) for implementing URLLC.
  • a peak data rate e.g., 20 Gbps or more
  • loss coverage e.g., 164 dB or less
  • U-plane latency e.g., 0.5 ms or less for each of downlink (DL) and uplink (UL), or a round trip of 1 ms or less
  • the antenna module 197 may transmit or receive a signal or power to or from the outside (e.g., the external electronic device) of the electronic device 101 .
  • the antenna module 197 may include an antenna including a radiating element including a conductive material or a conductive pattern formed in or on a substrate (e.g., a printed circuit board (PCB)).
  • the antenna module 197 may include a plurality of antennas (e.g., array antennas). In such a case, at least one antenna appropriate for a communication scheme used in the communication network, such as the first network 198 or the second network 199 , may be selected, for example, by the communication module 190 (e.g., the wireless communication module 192 ) from the plurality of antennas.
  • the signal or the power may then be transmitted or received between the communication module 190 and the external electronic device via the selected at least one antenna.
  • Another component e.g., a radio frequency integrated circuit (RFIC)
  • RFIC radio frequency integrated circuit
  • the antenna module 197 may form a mmWave antenna module.
  • the mmWave antenna module may include a printed circuit board, a RFIC disposed on a first surface (e.g., the bottom surface) of the printed circuit board, or adjacent to the first surface and capable of supporting a designated high-frequency band (e.g., the mmWave band), and a plurality of antennas (e.g., array antennas) disposed on a second surface (e.g., the top or a side surface) of the printed circuit board, or adjacent to the second surface and capable of transmitting or receiving signals of the designated high-frequency band.
  • a RFIC disposed on a first surface (e.g., the bottom surface) of the printed circuit board, or adjacent to the first surface and capable of supporting a designated high-frequency band (e.g., the mmWave band)
  • a plurality of antennas e.g., array antennas
  • At least some of the above-described components may be coupled mutually and communicate signals (e.g., commands or data) therebetween via an inter-peripheral communication scheme (e.g., a bus, general purpose input and output (GPIO), serial peripheral interface (SPI), or mobile industry processor interface (MIPI)).
  • an inter-peripheral communication scheme e.g., a bus, general purpose input and output (GPIO), serial peripheral interface (SPI), or mobile industry processor interface (MIPI)
  • Commands or data may be transmitted or received between the electronic device 101 and the external electronic device 104 via the server 108 coupled with the second network 199 .
  • Each of the external electronic devices 102 or 104 may be a device of a same type as, or a different type, from the electronic device 101 . All or some of operations to be executed at the electronic device 101 may be executed at one or more of the external electronic devices 102 , 104 , or 108 . For example, if the electronic device 101 should perform a function or a service automatically, or in response to a request from a user or another device, the electronic device 101 , instead of, or in addition to, executing the function or the service, may request the one or more external electronic devices to perform at least part of the function or the service.
  • the one or more external electronic devices receiving the request may perform the at least part of the function or the service requested, or an additional function or an additional service related to the request, and transfer an outcome of the performing to the electronic device 101 .
  • the electronic device 101 may provide the outcome, with or without further processing of the outcome, as at least part of a reply to the request.
  • a cloud computing, distributed computing, mobile edge computing (MEC), or client-server computing technology may be used, for example.
  • the electronic device 101 may provide ultra low-latency services using, e.g., distributed computing or mobile edge computing.
  • the external electronic device 104 may include an internet-of-things (IoT) device.
  • the server 108 may be an intelligent server using machine learning and/or a neural network.
  • the external electronic device 104 or the server 108 may be included in the second network 199 .
  • the electronic device 101 may be applied to intelligent services (e.g., smart home, smart city, smart car, or healthcare) based on 5G communication technology or IoT-related technology.
  • FIG. 2 illustrates a process of transmitting and receiving message through a message server according to an embodiment of the disclosure.
  • a first electronic device 220 may be operatively connected to a second electronic device 230 and may perform wireless communication.
  • the first electronic device 220 may be at least partially controlled by a message server 210 .
  • the first electronic device 220 may transmit information related to the message and information related to the second electronic device 230 (for example, identification information of the second electronic device 230 ) corresponding to a reception device of the message to the message server 210 .
  • the message server 210 may transfer the message to the second electronic device 230 based on the information received from the first electronic device 220 .
  • the message server 210 may include a server for providing rich communication suite (RCS) corresponding to an IP-based text service among wireless communication schemes between electronic devices.
  • RCS is the international standard adapted by global system for mobile communication association (GSMA) and may be defined as a text service that is the next version of a universally and frequently used text service (for example, SMS or MMS).
  • GSMA global system for mobile communication association
  • the RCS may include a user-network interface (UNI) between the electronic devices 220 and 230 and the message server 210 .
  • the message server 210 may be referred to as an RCS server.
  • state (presence) information of a counterpart may be reflected in a database in the RCS, and the RCS server may transfer a text message to the counterpart based on the state information stored in the database.
  • the state information of the counterpart may include data (for example, public key information and private key information) corresponding to a specific electronic device (for example, a counterpart electronic device).
  • the message server 210 may acquire state information of the first electronic device 220 and state information of the second electronic device 230 , store the acquired state information in the memory of the message server 210 , and manage the same.
  • an end-to-end encryption technology for example, E2EE
  • E2EE end-to-end encryption technology
  • the end-to-end encryption may be defined as an encryption scheme in which messages are transmitted in an encrypted state during all processes from a transmission device which transmits messages to a reception device which receives the messages.
  • the first electronic device 220 may encrypt the message and transmit the encrypted message to the second electronic device 230 through the message server 210 .
  • Each of the first electronic device 220 and the second electronic device 230 may generate its own “asymmetric public key” and “asymmetric private key”, and use the keys for an operation of encrypting the message and an operation of decrypting the message.
  • the first electronic device 220 and the second electronic device 230 may share “asymmetric public keys” through the message server 210 .
  • the first electronic device 220 may encrypt the message based on the “asymmetric public key” of another electronic device (for example, the second electronic device 230 ) and transmit the encrypted message to the other electronic device.
  • the other electronic device for example, the second electronic device 230
  • the “asymmetric public key” and the “asymmetric private key” have the correlation therebetween, and the message encrypted by the “asymmetric public key” may be decrypted using the “asymmetric private key”.
  • the first electronic device 220 and the second electronic device 230 may provide their own “asymmetric public keys” to the message server 210 when accessing the message server 210 .
  • the first electronic device 220 may transmit first security information (for example, a first asymmetric public key) to the message server 210 , and the message server 210 may store the first security information in the database.
  • first security information for example, a first asymmetric public key
  • second security information for example, a second asymmetric public key
  • the first electronic device 220 may access the message server 210 in order to transmit the message to the second electronic device 230 , and the message server 210 may provide the second security information (for example, the second asymmetric public key) of the second electronic device 230 stored in the database to the first electronic device 220 .
  • the message server 210 may provide the second security information (for example, the second asymmetric public key) of the second electronic device 230 stored in the database to the first electronic device 220 .
  • the first electronic device 220 when the first electronic device 220 transmits a first message to the second electronic device 230 , the first electronic device 220 may encrypt the first message based on the second security information (for example, the second asymmetric public key) of the second electronic device 230 and transmit the encrypted first message to the second electronic device 230 through the message server 210 .
  • the second electronic device 230 may acquire the first message of the first electronic device 220 through the message server 210 .
  • the second electronic device 230 may decrypt the first message based on its own second asymmetric private key.
  • the first message which the first electronic device 220 transmits to the second electronic device 230 cannot be identified by the message server 210 but can be identified by the second electronic device 230 after a decryption process by the second electronic device 230 .
  • security can be enhanced using the end-to-end encryption.
  • FIG. 3 is a block diagram illustrating a first electronic device, a second electronic device, and a message server according to an embodiment of the disclosure.
  • the first electronic device 220 (for example, the electronic device 101 of FIG. 1 ) may include a first processor 221 and/or first security information 222
  • the second electronic device 230 may include a second processor 231 and/or second security information 232 .
  • the first electronic device 220 and the second electronic device 230 may equally include at least one element and may be classified as substantially the same device.
  • the first electronic device 220 and the second electronic device 230 may transmit and receive at least one piece of data through the RCS server 210 (for example, the server 108 of FIG. 1 and/or the message server).
  • the first electronic device 220 may generate an asymmetric public key and an asymmetric private key included in the first security information 222
  • the second electronic device 230 may generate an asymmetric public key and an asymmetric private key included in the second security information 232
  • respective electronic devices may generate their own asymmetric public keys and asymmetric private keys and mutually exchange the asymmetric public keys through the RCS server 210 .
  • the first electronic device 200 may encrypt the first message by using the asymmetric public key of the second electronic device 230 and transmit the encrypted first message to the second electronic device 230 .
  • the second electronic device 230 may decrypt the encrypted first message by using its own asymmetric private key (of the second electronic device).
  • the second electronic device 230 may encrypt the second message by using the asymmetric public key of the first electronic device 220 and transmit the encrypted second message to the first electronic device 220 .
  • the first electronic device 220 may decrypt the encrypted second message by using its own asymmetric private key (of the first electronic device).
  • the RCS server 210 may include a server processor 211 and/or a memory 212 .
  • the server processor 211 may at least partially control at least one other element (for example, a hardware or software element) of the RCS server 210 and perform various data processing and/or calculations.
  • the server processor 211 of the RCS server 210 may receive the first security information 222 of the first electronic device 220 from the first electronic device 220 and store the first security information 222 in the database 213 of the memory 212 .
  • the server processor 211 may also receive the second security information 232 of the second electronic device 230 from the second electronic device 230 and store the second security information 232 in the database 213 of the memory 212 .
  • the server processor 211 may store security information corresponding to each electronic device in the database 213 and, when the security information is changed, update the security information stored in the database 213 .
  • the server processor 211 may receive the first security information 222 from the first electronic device 210 and compare and/or analyze the first security information 222 and security information pre-stored in the database 213 . When the first security information 222 does not match the pre-stored security information, the server processor 211 may update the security information stored in the database 213 to the first security information 222 .
  • the first electronic device 220 and the second electronic device 230 may provide their own security-related information (for example, the first security information 222 of the first electronic device 220 and/or the second security information 232 of the second electronic device 230 ) to the RCS server 210 .
  • the security information may include a public key (for example, an asymmetric public key) corresponding to each electronic device.
  • the RCS server 210 may provide the asymmetric public key of the second electronic device 230 to the first electronic device 220 .
  • the first electronic device 220 may encrypt the message based on the asymmetric public key and transmit the encrypted message to the second electronic device 230 through the RCS server 210 .
  • the asymmetric public key may be used for encrypting a specific message.
  • the first electronic device 220 when the first electronic device 220 transmits a message to the second electronic device 230 , the first electronic device 220 may acquire second security information 232 (For example, the asymmetric public key of the second electronic device 230 ) corresponding to the second electronic device 230 from the RCS server 210 . After encrypting the message based on the acquired second security information 232 , the first electronic device 220 may transmit the encrypted message to the second electronic device 230 through the RCS server 210 . According to an embodiment of the disclosure, when the second security information 232 is not changed in the second electronic device 230 , the second electronic device 230 may decrypt the encrypted message transmitted from the first electronic device 220 by using the asymmetric private key of the second electronic device 230 .
  • second security information 232 when the second security information 232 is not changed in the second electronic device 230 , the second electronic device 230 may decrypt the encrypted message transmitted from the first electronic device 220 by using the asymmetric private key of the second electronic device 230 .
  • the second electronic device 230 when the second security information 232 is changed in the second electronic device 230 , the second electronic device 230 cannot decrypt the encrypted message transmitted from the first electronic device 220 .
  • the second electronic device 230 may transmit an acquisition failure signal of the message to the first electronic device 220 through the RCS server 210 .
  • the second electronic device 230 may transmit the changed second security information 232 (for example, new security information or a new asymmetric public key of the second electronic device 230 ) along with the acquisition failure signal to the RCS server 210 .
  • the RCS server 210 may transfer the changed second security information 232 (for example, new security information) to the first electronic device 220 .
  • the RCS server 210 may update security information corresponding to the second electronic device 230 stored in the database 213 to the changed second security information 232 .
  • the first electronic device 220 may acquire the changed second security information 232 from the second electronic device 230 and encrypt the message based on the changed second security information 232 .
  • the first electronic device 220 may encrypt the message based on the changed second security information 232 and transmit the encrypted message to the second electronic device 230 .
  • the second electronic device 230 may decrypt the encrypted message by using its own asymmetric private key.
  • the first electronic device 220 may add a security field (for example, a message header field) based on a message-related packet.
  • the security field may be defined as a field for identifying whether the message is encrypted.
  • the security field when the security field is included in the message-related packet, it may be identified that the transmitted message is encrypted.
  • the first electronic device 220 may generate a symmetric private key and open a group chat room based on the symmetric private key.
  • the first electronic device 220 may transfer the symmetric private to the second electronic device 230 .
  • the first electronic device 220 may acquire an asymmetric public key corresponding to the second electronic device 230 through the RCS server 210 , and the symmetric private key may be encrypted based on the acquired asymmetric public key.
  • the first electronic device 220 may transfer the encrypted symmetric private key to the second electronic device 230 .
  • the second electronic device 230 may receive the encrypted symmetric private key from the first electronic device 220 and decrypt the encrypted symmetric private key by using its own asymmetric private key. According to an embodiment of the disclosure, the second electronic device 230 may participate in the group chat room by using a symmetric private key corresponding to the group chat room and share message with other electronic devices participating in the group chat room.
  • each electronic device participating in the group chat room may encrypt the message by using the symmetric private key corresponding to the group chat room and transfer the encrypted message to the other electronic devices participating in the group chat room.
  • the other electronic devices may decrypt the encrypted message by using the pre-acquired symmetric private key corresponding to the group chat room.
  • the RCS server 210 may manage the group chat room and identify at least one electronic device participating in the group chat room.
  • the message server 210 includes a communication module for communicating with the first electronic device 220 and the second electronic device 230 , the memory 212 for storing security information related to at least one electronic device, and a server processor 211 operatively connected to the communication module and the memory 212 .
  • the server processor 211 may acquire a first message encrypted based on first security information (for example, the second security information 232 ) of the second electronic device 230 from the first electronic device 220 , transmit the first message to the second electronic device 230 , acquire a decryption failure signal for the first message from the second electronic device 230 , transmit the decryption failure signal to the first electronic device 220 , acquire second security information of the second electronic device 230 (for example, the current asymmetric public key of the second electronic device 230 ) from the second electronic device 230 , transmit the second security information to the first electronic device 220 , receive a second message encrypted based on the second security information from the first electronic device 220 , and transmit the received second message to the second electronic device 230 .
  • first security information for example, the second security information 232
  • the server processor 211 may acquire a first message encrypted based on first security information (for example, the second security information 232 ) of the second electronic device 230 from the first electronic device 220 , transmit the first
  • the server processor 211 may acquire security information related to at least one electronic device in response to access of the at least one electronic device to the message server 210 and store the acquired security information in the memory 212 .
  • the server processor 211 may make a request for the security information to the second electronic device 230 in response to the decryption failure signal for the first message and acquire the second security information from the second electronic device 230 .
  • the server processor 211 may identify whether the first message is encrypted based on whether there is a field including security information in at least one field included in the first message.
  • the first security information may include at least one piece of public key information for encrypting the first message and private key information for participating in a chat room.
  • the server processor 211 may receive an invite message for participating in a group chat room from the first electronic device 220 , identify a third electronic device participating in the group chat room in response to a request signal, and transmit the invite message to the third electronic device.
  • the invite message may include a message in which a private key (for example, a symmetric private key) corresponding to the group chat room is encrypted, based on security information of the third electronic device.
  • a private key for example, a symmetric private key
  • the first electronic device 220 may include a communication module for performing wireless communication with the message server 210 and the second electronic device 230 , a memory for storing security information acquired from the message server 210 , and a processor (for example, the first processor 221 ) operatively connected to the communication module and the memory.
  • a communication module for performing wireless communication with the message server 210 and the second electronic device 230
  • a memory for storing security information acquired from the message server 210
  • a processor for example, the first processor 221 operatively connected to the communication module and the memory.
  • the first processor 221 may encrypt the first message based on first security information (for example, the second security information 232 ) of the second electronic device 230 for transmitting the first message, transmit the encrypted first message to the second electronic device 230 through the message server 210 , receive a decryption failure signal for the first message from the second electronic device 230 , receive second security information corresponding to the second electronic device 230 from the second electronic device 230 , encrypt the second message based on the received second security information, and transmit the second message to the second electronic device 230 .
  • first security information for example, the second security information 232
  • the first processor 221 may count the number of generations of the decryption failure signal for the first message and, when the number of generations exceeds a configured threshold value, display a notification related to transmission of the first message.
  • the first processor 221 may generate a third message and transmit the third message to the second electronic device 230 .
  • the first processor 221 may add a field including the first security information to at least one field included in the first message and record security information in the added field to transmit the security information to the message server 210 .
  • the first security information may include at least one piece of public key information for encrypting the first message and private key information for participating in a chat room.
  • FIG. 4 is a flowchart illustrating a method by which a message server manages security information according to an embodiment of the disclosure.
  • a message server may acquire security information corresponding to at least one electronic device accessing the message server 210 and store the security information in a database (for example, the database 213 of FIG. 3 ) of a memory (for example, the memory 212 of FIG. 3 ).
  • the at least one electronic device may access the message server 210 and provide security information to the message server 210 .
  • the security information may include unique data (for example, a public key and/or a private key) corresponding to at least one electronic device.
  • the message server 210 may provide security information (for example, the second security information 232 of FIG. 3 ) of the second electronic device 230 to the first electronic device 220 .
  • the message server 210 may acquire security information (for example, an asymmetric public key) of at least one electronic device and update security information stored in the database whenever the at least one electronic device accesses the message server 210 .
  • the first electronic device 220 may transmit first security information (for example, the first security information 222 of FIG. 3 or the asymmetric public key of the first electronic device 220 ) corresponding to the first electronic device 220 to the RCS server 210 in operation 401 .
  • first security information for example, the first security information 222 of FIG. 3 or the asymmetric public key of the first electronic device 220
  • the second electronic device 230 may transmit second security information (for example, the second security information 232 of FIG. 3 or the asymmetric public key of the second electronic device 230 ) corresponding to the second electronic device 230 to the RCS server 210 in operation 403 .
  • second security information for example, the second security information 232 of FIG. 3 or the asymmetric public key of the second electronic device 230
  • the RCS server 210 may provide the first security information of the first electronic device 220 to the second electronic device 230 in operation 405 and provide the second security information of the second electronic device 230 to the first electronic device 220 in operation 407 . According to an embodiment of the disclosure, the RCS server 210 may manage the security information to allow the first electronic device 220 and the second electronic device 230 to share the security information.
  • the first electronic device 220 may acquire the second security information 232 corresponding to the second electronic device 230 through the RCS server 210 .
  • the first electronic device 220 may encrypt the message based on the second security information 232 (for example, the asymmetric public key of the second electronic device 230 ) and transmit the encrypted message to the second electronic device 230 .
  • the second electronic device 230 may decrypt the encrypted message by using its own asymmetric private key.
  • the second electronic device 230 may acquire the first security information 222 (for example, the asymmetric public key of the first electronic device 220 ) corresponding to the first electronic device 220 through the RCS server 210 .
  • the second electronic device 230 may acquire RCS capability information (for example, an RCS capability packet) corresponding to the first electronic device 220 , and the RCS capability information may include the asymmetric public key of the first electronic device 220 .
  • the second electronic device 230 may encrypt the message based on the asymmetric public key of the first electronic device 220 included in the RCS capability information and transmit the encrypted message to the first electronic device 220 .
  • the first electronic device 220 may decrypt the encrypted message by using its own asymmetric private key.
  • the first electronic device 220 may generate new security information (for example, a new asymmetric public key and/or a new asymmetric private key of the first electronic device) and, when accessing the RCS server 210 , transfer the new asymmetric public key to the RCS server 210 .
  • the RCS server 210 may update the asymmetric public key of the first electronic device 220 stored in the database to the new asymmetric public key.
  • the RCS server 210 may provide security information (for example, an asymmetric public key) of another electronic device to at least one electronic device accessing the RCS server 210 .
  • FIG. 5 is a timetable illustrating a process in which a message server manages security information according to an embodiment of the disclosure.
  • the RCS server 210 may include a server supporting message transmission and reception services according to an RCS scheme.
  • the first electronic device 220 may transmit first security information (for example, the first security information 222 of FIG. 3 or the asymmetric public key of the first electronic device 220 ) to the RCS server 210 in operation 501 .
  • first security information 222 may include unique public key and private key corresponding to the first electronic device 220 .
  • the RCS server 210 may transmit a response signal to the first electronic device 220 in response to acquisition of the first security information 222 .
  • the second electronic device 230 may transmit second security information (for example, the second security information 232 of FIG. 3 or the asymmetric public key of the second electronic device 230 ) to the RCS server 210 in operation 505 .
  • the second security information 232 may include unique public key and private key corresponding to the second electronic device 230 .
  • the RCS server 210 may transmit a response signal to the second electronic device 230 in response to acquisition of the second security information 232 .
  • the RCS server 210 may identify the first electronic device 220 operatively connected to the second electronic device 230 and provide the first security information 222 (for example, the asymmetric public key of the first electronic device 220 ) corresponding to the first electronic device 220 to the second electronic device 230 .
  • the RCS server 210 may identify the first electronic device 220 based on contact information stored in the second electronic device 230 and transmit the first security information 222 corresponding to the first electronic device 220 to the second electronic device 230 .
  • the second electronic device 230 may transmit a response signal tot eh RCS server 210 in response to reception of the first security information 222 .
  • the first electronic device 220 and the second electronic device 230 may share security information through the RCS server 210 .
  • the second electronic device 230 may encrypt the message by using the first security information of the first electronic device 220 .
  • the second electronic device 230 may transmit the encrypted message to the first electronic device 220 through the RCS server 210 based on the first security information.
  • the first electronic device 220 may decrypt the encrypted message by using the asymmetric private key of the first electronic device 220 .
  • the first electronic device 220 and the second electronic device 230 may perform an encryption process and/or a decryption process for the message based on the shared security information.
  • FIG. 6 is a flowchart illustrating a method of processing an encrypted message when decryption of an encrypted message fails according to an embodiment of the disclosure.
  • a message server (for example, the message server 210 of FIG. 2 or the RCS server 210 of FIG. 3 ) may at least partially control a message transmission and reception process between a first electronic device (for example, the first electronic device 220 of FIG. 2 ) and a second electronic device (for example, the second electronic device 230 of FIG. 2 ).
  • the message server 210 may manage security information of the first electronic device 220 (for example, the first security information 222 of FIG. 3 or the asymmetric public key of the first electronic device 220 ) and/or security information of the second electronic device 230 (for example, the second security information 232 of FIG.
  • the message server 210 may store at least one piece of security information (for example, an asymmetric public key) for encryption and/or decryption of the message in a database (for example, the database 213 of FIG. 3 ) and provide the at least one piece of security information to at least one electronic device accessing the message server 210 .
  • asymmetric public key for example, an asymmetric public key
  • the message server 210 may acquire an encrypted first message based on first security information of the second electronic device 230 (for example, the asymmetric public key of the second electronic device 230 ) from the first electronic device 220 and transmit the first security information to the second electronic device 230 .
  • first security information of the second electronic device 230 for example, the asymmetric public key of the second electronic device 230
  • the first electronic device 220 has already acquired the first security information of the second electronic device 230 (for example, the asymmetric public key of the second electronic device 230 ) through the message server 210 and encrypt the first message based on the first security information.
  • the first electronic device 220 may transmit the encrypted first message to the second electronic device 230 through the message server 210 .
  • the second electronic device 230 may acquire the encrypted first message and transmit a response signal indicating whether the first message is successfully decrypted to the message server 210 .
  • the second electronic device 230 may succeed in decoding the first message by using its own asymmetric private key.
  • the second electronic device 230 may fail in decoding the first message.
  • the second electronic device 230 may transmit a response signal indicating whether the first message is successfully decrypted to the message server 210 .
  • the message server 210 may acquire a decryption failure signal for the first message from the second electronic device 230 and transmit the decryption failure signal to the first electronic device 220 .
  • failure of the decryption of the first message may be the situation occurring when the first security information of the second electronic device 230 (for example, the asymmetric public key of the second electronic device 230 ) is changed.
  • the second electronic device 230 may transmit second security information of the second electronic device 230 (for example, the changed asymmetric public key of the second electronic device 230 ) to the message server 210 .
  • the message server 210 may transmit a signal making a request for second security information (for example, the current asymmetric public key of the second electronic device 230 and a new asymmetric public key of the second electronic device 230 ) to the second electronic device 230 and acquire the second security information from the second electronic device 230 .
  • the message server 210 may transmit the decryption failure signal to the first electronic device 220 , and the first electronic device 220 may count the number of decryption failure. When the counted number of decryption failure exceeds a configured threshold value, the first electronic device 220 may display a notification related to transmission of the first message.
  • the first electronic device 220 may display a notification message related to transmission of the first message on a screen.
  • the first electronic device 220 may generate a third message which is not encrypted and transmit the third message to the second electronic device 230 .
  • the message server 210 may acquire second security information of the second electronic device 230 (for example, the new asymmetric public key of the second electronic device 230 ) from the second electronic device 230 and transmit the second security information to the first electronic device 220 .
  • the second security information may include changed security-related information (for example, the asymmetric public key) of the second electronic device 230 .
  • the message server 210 may update the first security information of the second electronic device 230 (for example, the asymmetric public key of the second electronic device 230 ) stored in the database to the second security information (for example, the new asymmetric public key of the second electronic device 230 ).
  • the first electronic device 220 may acquire the updated second security information of the second electronic device 230 .
  • the first electronic device 220 may use the second security information (for example, the new asymmetric public key of the second electronic device 230 ) during a process of encrypting the message to be transmitted to the second electronic device 230 .
  • the message server 210 may receive a second message encrypted based on the second security information (for example, the new asymmetric public key of the second electronic device 230 ) from the first electronic device 220 .
  • the first electronic device 220 may transmit the second message encrypted based on the second security information to the second electronic device 230 through the message server 210 .
  • the message server 210 may transmit the second message (for example, the message encrypted based on the second security information of the second electronic device 230 ) received from the first electronic device 220 to the second electronic device 230 .
  • the message server 210 may perform a procedure for transmitting the encrypted message again.
  • the message server 210 may store an algorithm for dealing with decryption failure of the message in a memory (for example, the memory 212 of FIG. 3 ).
  • the second electronic device 230 may transmit a response signal indicating the decryption failure to the message server 210 .
  • the second electronic device 230 may transmit security information including the changed asymmetric public key (for example, the new asymmetric public key) to the message server 210 .
  • the message server 210 may transfer the changed asymmetric public key of the second electronic device 230 to the first electronic device 220 .
  • FIG. 7 is a timetable illustrating a process of processing an encrypted message when decryption of an encrypted message fails according to an embodiment of the disclosure.
  • an RCS server may at least partially control a message transmission and reception process between a first electronic device (for example, the first electronic device 220 of FIG. 2 ) and a second electronic device (for example, the second electronic device 230 of FIG. 2 ).
  • the RCS server 210 may manage security information (for example, the first security information 232 of FIG. 3 ) of the first electronic device 220 and/or security information (for example, the second security information 232 of FIG. 3 ) of the second electronic device 230 .
  • the RCS server 210 may acquire the security information (for example, an asymmetric public key) of the first electronic device. Further, when the second electronic device 230 accesses the RCS server 210 to transmit an encrypted message to the first electronic device 220 , the RCS server 210 may provide the security information of the first electronic device 220 to the second electronic device 230 . Referring to FIG. 7 , the first electronic device 220 and the second electronic device 230 may be sharing security information through the RCS server 210 .
  • the security information for example, an asymmetric public key
  • the RCS server 210 may at least partially control transmission and reception of the encrypted message based on an algorithm stored in a memory (for example, the memory 212 of FIG. 3 ).
  • the first electronic device 220 may transmit a first message to the second electronic device 230 through the RCS server 210 .
  • the first message may be a message encrypted based on first security information of the second electronic device 230 (for example, an asymmetric public key of the second electronic device 230 ).
  • the first electronic device 220 may access the RCS server 210 and acquire RCS capability information (for example, an RCS capability packet) corresponding to the second electronic device 230 .
  • the RCS capability information may include the asymmetric public key of the second electronic device 230 .
  • the first electronic device 220 may encrypt the first message based on the asymmetric public key of the second electronic device 230 included in the RCS capability information and transmit the encrypted first message to the second electronic device 230 .
  • the second electronic device 230 may fail in decrypting the first message transmitted from the first electronic device 220 and transmit a decryption failure signal for the first message to the first electronic device 220 through the RCS server 210 .
  • the security information for example, the asymmetric public key
  • the second electronic device 230 may fail in the decryption operation of the first message encrypted based on the first security information.
  • the second electronic device 230 may transmit the decryption failure signal to the first electronic device 220 through the RCS server 210 .
  • the first electronic device 220 may count the number of receptions of the decryption failure signal and, when the counted number exceeds a configured threshold value, display a notification related to transmission of the first message. For example, a notification message related to retransmission of the first message may be displayed.
  • the notification message may include an option for selecting whether to encrypt and transmit the first message or to transmit the first message without encryption.
  • the first electronic device 220 may generate a third message which is not encrypted and transmit the third message to the second electronic device 230 .
  • the second electronic device 230 may transmit newly generated security information (for example, second security information, the current asymmetric public key of the second electronic device 230 , and the new asymmetric public key) to the RCS server 210 .
  • security information for example, second security information, the current asymmetric public key of the second electronic device 230 , and the new asymmetric public key
  • operation 705 may be performed at the time point at which the second electronic device 230 accesses the RCS server 210 or may be performed before operation 701 to operation 703 .
  • the RCS server 210 may update the security information of the second electronic device 230 stored in a database (for example, the database 213 of FIG. 3 ). For example, the RCS server 210 may update the first security information stored in the database to the second security information.
  • a database for example, the database 213 of FIG. 3
  • the first electronic device 220 may access the RCS server 210 to retransmit the message to the second electronic device 230 , and the first electronic device 220 may acquire second security information of the second electronic device 230 (for example, the new asymmetric public key of the second electronic device 230 ) from the RCS server 210 .
  • the RCS server 210 may transmit the newly generated security information (for example, the second security information of the second electronic device (the changed (updated) asymmetric public key and the new asymmetric public key)) to the first electronic device 220 in response to access of the first electronic device 220 .
  • the first electronic device 220 may transmit a second message to the second electronic device 230 through the RCS server 210 .
  • the second message may include a message encrypted based on the second security information of the second electronic device 220 .
  • the first electronic device 220 may generate the second message encrypted based on the second security information and transmit the second message to the second electronic device 230 through the RCS server 210 .
  • the second electronic device 230 may transmit a response signal to the RCS server 210 in operation 711 .
  • the second electronic device 230 may decrypt the second message based on the second security information and transmit a response signal corresponding to the decryption success to the RCS server 210 .
  • the RCS server 210 may repeatedly perform an algorithm according to decryption failure for the message illustrated in FIG. 7 .
  • the first electronic device 220 may be in a state in which the timetable of FIG. 7 is stored in a memory (for example, the memory 130 of FIG. 1 ).
  • the first electronic device 220 may repeatedly perform the process of the timetable of FIG. 7 a predetermined number of times through the RCS server 210 and, when the number exceeds the configured number, display a user interface including a notification message and determine whether to transmit the message according to selection.
  • the first electronic device 220 may display a user interface indicating message transmission failure through a display module (for example, the display module 160 of FIG. 1 ) and determine whether to retransmit the encrypted message.
  • the first electronic device 220 may transmit the message which is not encrypted to the second electronic device 230 .
  • FIG. 8 is a timetable illustrating a process in which encryption information is inserted into a message and transmitted according to an embodiment of the disclosure.
  • an RCS server (for example, the message server 210 of FIG. 2 or the RCS server 210 of FIG. 3 ) may at least partially control a message transmission/reception process between a first electronic device (for example, the first electronic device 220 of FIG. 2 ) and a second electronic device (for example, the second electronic device 230 of FIG. 2 ).
  • the RCS server 210 may receive an RCS capacity packet from the first electronic device 220 and transmit the RCS capacity packet to the second electronic device 230 .
  • the RCS capacity packet may include capacity information and/or encryption information (for example, communication information, encryption information, public key information, and/or private key information) for the first electronic device 220 and/or the second electronic device 230 connected to the RCS server 210 .
  • the RCS capacity packet may include a plurality of fields, and at least one new field (for example, a message header field) of the plurality of fields may be added.
  • at least one new field may include security information (for example, encryption information) corresponding to the first electronic device 220 indicating whether the message is encrypted.
  • the RCS capacity packet may be implemented as shown in Table 1 below.
  • the first electronic device 220 may record security information (for example, the asymmetric public key (publickey) information of the first electronic device 220 ), such as “ ⁇ op:publickey>S3DBDE2DX9DTDY6OJ4 . . . ⁇ /op:publickey>” in the RCS capacity packet.
  • security information for example, the asymmetric public key (publickey) information of the first electronic device 220
  • the RCS capacity packet may be transmitted to the RCS server 210 .
  • the RCS capacity packet may include encryption information related to the message (for example, asymmetric public key information).
  • the message may be transmitted in a packet form, and the message packet may include a field (for example, a message header field) indicating whether the message is an encrypted message.
  • a reception device receiving the message may determine whether the message is encrypted based on the “message header field” of the message packet.
  • the RCS server 210 may identify whether there is the “message header field” in the message packet transmitted from the first electronic device 220 and identify whether the message is encrypted according to the existence or nonexistence of the “message header field”. For example, when there is the “message header field” in the message packet, the message may be in an encrypted state. When there is no “message header field” in the data-related packet, the message may be a non-encrypted state.
  • the first electronic device 220 may transmit a first message (for example, a message packet) including encrypt information (for example, data indicating whether the message is an encrypted message or a non-encrypted message) in a new field (for example, a message header field) to the RCS server 210 .
  • the RCS server 210 may identify whether the first message is encrypted based on the message header field included in the first message (for example, the message packet).
  • the RCS server 210 may transmit the first message to the second electronic device 230 .
  • FIG. 9 is a timetable illustrating a process in which a first electronic device opens a group chat room and a third electronic device participates in a group chat room according to an embodiment of the disclosure.
  • an RCS server may at least partially control a message transmission and reception process between a first electronic device (for example, the first electronic device 220 of FIG. 2 ) and the third electronic device 930 participating in a group chat room.
  • the RCS server 210 may manage at least one group chat room.
  • the group chat room may be generated based on a private key (for example, a symmetric private key) corresponding to unique security information.
  • the RCS server 210 may provide a private key corresponding to the group chat room to electronic devices participating in the group chat room.
  • the first electronic device 220 may open a group chat room.
  • the group chat room may be defined as a virtual conversation space in which a plurality of electronic devices share conversation content.
  • the first electronic device 220 may generate a symmetric private key for encryption and decryption of messages shared in the group chat room and open a group chat room based on the symmetric private key.
  • At least one electronic device participating in the group chat room may be in a state for sharing the symmetric private key.
  • the first electronic device 220 may transmit a signal including the symmetric private key in a new field (for example, a message header field) to the RCS server 210 according to access to the RCS server 210 .
  • the RCS server 210 may manage asymmetric public keys for at least one electronic device through the database.
  • the RCS server 210 may provide the asymmetric public keys for the at least one electronic device to the first electronic device 220 .
  • the first electronic device 220 may encrypt the symmetric private key by using the asymmetric public keys for the at least one electronic device.
  • the first electronic device 220 may transmit an invite message for inviting to the group chat room to the third electronic device 930 .
  • the invite message may include a message in which the symmetric private key of the group chat room is encrypted.
  • the invite message may include the message in which the symmetric private key of the group chat room is encrypted based on the asymmetric public keys of at least one electronic device (for example, the third electronic device 930 ).
  • the third electronic device 930 may decrypt the invite message by using the asymmetric private key of the third electronic device 930 .
  • the invite message may be a message encrypted based on the asymmetric public key of the third electronic device 930 and a message which can be decrypted based on the asymmetric private key of the third electronic device 930 .
  • the third electronic device 930 may acquire the symmetric private key corresponding to the group chat room, and may participate in the group chat room by using the symmetric private key.
  • the third electronic device 930 may encrypt the message by using the symmetric private key corresponding to the group chat room and transfer the encrypted message to the group chat room.
  • the third electronic device 930 may transmit a first message encrypted using the symmetric private key to the group chat room.
  • at least one electronic device participating in the group chat room may decrypt the first message by using the symmetric private key and provide content of the first message to the user.
  • the RCS server 210 may be at least partially involved in managing the group chat room in which at least one electronic device participates.
  • the first electronic device 220 may encrypt all messages transmitted through the RCS server 210 and transmit the encrypted messages to the second electronic device 230 .
  • the RCS server 210 may provide security information (for example, an asymmetric public key) of the second electronic device 230 to the first electronic device 220 , and the first electronic device 220 may encrypt all message transmitted to the second electronic device 230 by using the asymmetric public key of the second electronic device 230 .
  • the first electronic device 220 may generate a plurality of group chat rooms and encrypt shared messages with respect to a specific group chat room. For example, the first electronic device 220 may encrypt conversation in the specific group chat room among the plurality of group chat rooms.
  • the first electronic device 220 may selectively encrypt only a specific message among the messages transmitted to the second electronic device 230 .
  • the first electronic device 220 may identify specific phrases (for example, an account number, a residence registration number, a password, a preset word, and/or content required to be secured) included in messages to be transmitted to the second electronic device 230 and selectively encrypt only messages including the identified specific phrases.
  • specific phrases for example, an account number, a residence registration number, a password, a preset word, and/or content required to be secured
  • the first electronic device 220 may encrypt messages including the identified specific phrases based on the asymmetric public key of the second electronic device 230 and transmit the encrypted messages to the second electronic device 230 .
  • a method of encrypting a message through the message server 210 may include an operation of acquiring a first message encrypted on the basis first security information (for example, the second security information 232 of FIG. 3 ) of the second electronic device 230 from the first electronic device 220 and transmitting the first message to the second electronic device 230 , an operation of acquiring a decryption failure signal for the first message from the second electronic device 230 and transmitting the decryption failure signal to the first electronic device 220 , an operation of transmitting second security information (for example, a current asymmetric public key of the second electronic device 230 ) corresponding to the second electronic device 230 to the first electronic device 220 , an operation of receiving a second message encrypted based on the second security information from the first electronic device 220 , and an operation of transmitting the received second message to the second electronic device 230 .
  • first security information for example, the second security information 232 of FIG. 3
  • the method according to an embodiment may further include an operation of detecting access of at least electronic device to the message server 210 , an operation of acquiring security information related to the at least one electronic device from the at least one electronic device in response to the access, and an operation of storing the acquired security information in a memory (for example, the memory 212 of the RCS server 210 of FIG. 3 ) of the message server 210 .
  • the method according to an embodiment may further include an operation of making a request for security information to the second electronic device 230 in response to the decryption failure signal for the first message and an operation of acquiring the second security information from the second electronic device 230 .
  • the method according to an embodiment may further include an operation of counting a number of generations of the decryption failure signal for the first message by the first electronic device and an operation of, when the number of generations exceeds a configured threshold value, displaying a notification related to transmission of the first message by the first electronic device 220 .
  • the method according to an embodiment may further include an operation of identifying whether the first message is encrypted based on whether there is a field for recording security information in at least one field included in the first message.
  • the first security information may include at least one piece of public key information for encrypting the first message and private key information for participating in a chat room.
  • the method according to an embodiment may further include an operation of receiving an invite message for participating in a group chat room from the first electronic device 220 , an operation of identifying a third electronic device participating in the group chat room in response to a request signal, and an operation of transmitting the invite message to the third electronic device.
  • the invite message may include a message in which a private key (for example, a symmetric private key) corresponding to the group chat room is encrypted, based on security information of the third electronic device.
  • a private key for example, a symmetric private key
  • the electronic device may be one of various types of electronic devices.
  • the electronic devices may include, for example, a portable communication device (e.g., a smartphone), a computer device, a portable multimedia device, a portable medical device, a camera, a wearable device, or a home appliance. According to an embodiment of the disclosure, the electronic devices are not limited to those described above.
  • each of such phrases as “A or B,” “at least one of A and B,” “at least one of A or B,” “A, B, or C,” “at least one of A, B, and C,” and “at least one of A, B, or C,” may include any one of, or all possible combinations of the items enumerated together in a corresponding one of the phrases.
  • such terms as “1st” and “2nd,” or “first” and “second” may be used to simply distinguish a corresponding component from another, and does not limit the components in other aspect (e.g., importance or order). It is to be understood that if an element (e.g., a first element) is referred to, with or without the term “operatively” or “communicatively”, as “coupled with,” “coupled to,” “connected with,” or “connected to” another element (e.g., a second element), it means that the element may be coupled with the other element directly (e.g., wiredly), wirelessly, or via a third element.
  • module may include a unit implemented in hardware, software, or firmware, and may interchangeably be used with other terms, for example, “logic,” “logic block,” “part,” or “circuitry”.
  • a module may be a single integral component, or a minimum unit or part thereof, adapted to perform one or more functions.
  • the module may be implemented in a form of an application-specific integrated circuit (ASIC).
  • ASIC application-specific integrated circuit
  • Various embodiments as set forth herein may be implemented as software (e.g., the program 140 ) including one or more instructions that are stored in a storage medium (e.g., the internal memory 136 or the external memory 138 ) that is readable by a machine (e.g., the electronic device 101 ).
  • a processor e.g., the processor 120
  • the machine e.g., the electronic device 101
  • the one or more instructions may include a code generated by a complier or a code executable by an interpreter.
  • the machine-readable storage medium may be provided in the form of a non-transitory storage medium.
  • the term “non-transitory” simply means that the storage medium is a tangible device, and does not include a signal (e.g., an electromagnetic wave), but this term does not differentiate between where data is semi-permanently stored in the storage medium and where the data is temporarily stored in the storage medium.
  • a method according to various embodiments of the disclosure may be included and provided in a computer program product.
  • the computer program product may be traded as a product between a seller and a buyer.
  • the computer program product may be distributed in the form of a machine-readable storage medium (e.g., a compact disc read only memory (CD-ROM)), or be distributed (e.g., downloaded or uploaded) online via an application store (e.g., PlayStoreTM), or between two user devices (e.g., smart phones) directly. If distributed online, at least part of the computer program product may be temporarily generated or at least temporarily stored in the machine-readable storage medium, such as a memory of the manufacturer's server, a server of the application store, or a relay server.
  • a machine-readable storage medium e.g., a compact disc read only memory (CD-ROM)
  • an application store e.g., PlayStoreTM
  • two user devices e.g., smart phones
  • each component e.g., a module or a program of the above-described components may include a single entity or multiple entities, and some of the multiple entities may be separately disposed in different components.
  • one or more of the above-described components may be omitted, or one or more other components may be added.
  • a plurality of components e.g., modules or programs
  • the integrated component may still perform one or more functions of each of the plurality of components in the same or similar manner as they are performed by a corresponding one of the plurality of components before the integration.
  • operations performed by the module, the program, or another component may be carried out sequentially, in parallel, repeatedly, or heuristically, or one or more of the operations may be executed in a different order or omitted, or one or more other operations may be added.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Security & Cryptography (AREA)
  • Signal Processing (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Computer Hardware Design (AREA)
  • Computing Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • Telephonic Communication Services (AREA)
  • Mobile Radio Communication Systems (AREA)
US18/149,460 2020-07-07 2023-01-03 Message encryption method and electronic device Pending US20230155990A1 (en)

Applications Claiming Priority (5)

Application Number Priority Date Filing Date Title
KR20200083309 2020-07-07
KR10-2020-0083309 2020-07-07
KR10-2020-0166056 2020-12-01
KR1020200166056A KR20220005963A (ko) 2020-07-07 2020-12-01 메시지의 암호화 방법 및 전자 장치
PCT/KR2021/007793 WO2022010134A1 (fr) 2020-07-07 2021-06-22 Procédé de chiffrement de message et dispositif électronique

Related Parent Applications (1)

Application Number Title Priority Date Filing Date
PCT/KR2021/007793 Continuation WO2022010134A1 (fr) 2020-07-07 2021-06-22 Procédé de chiffrement de message et dispositif électronique

Publications (1)

Publication Number Publication Date
US20230155990A1 true US20230155990A1 (en) 2023-05-18

Family

ID=79343108

Family Applications (1)

Application Number Title Priority Date Filing Date
US18/149,460 Pending US20230155990A1 (en) 2020-07-07 2023-01-03 Message encryption method and electronic device

Country Status (3)

Country Link
US (1) US20230155990A1 (fr)
KR (1) KR20220005963A (fr)
WO (1) WO2022010134A1 (fr)

Families Citing this family (2)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US11528601B1 (en) 2021-06-09 2022-12-13 T-Mobile Usa, Inc. Determining and ameliorating wireless telecommunication network functionalities that are impaired when using end-to-end encryption
US11956222B2 (en) * 2021-09-03 2024-04-09 Verizon Patent And Licensing Inc. End-to-end encryption for multiple recipient devices

Family Cites Families (5)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
JPH10133955A (ja) * 1996-10-29 1998-05-22 Matsushita Electric Ind Co Ltd 可搬型メディア駆動装置とその方法、及び可搬型メディアとネットワークの連携装置とその方法
KR20130096575A (ko) * 2012-02-22 2013-08-30 한국전자통신연구원 공개키 기반 그룹 키 분배 장치 및 방법
KR101428665B1 (ko) * 2012-04-27 2014-08-11 (주)에이티솔루션즈 Aes-otp기반의 보안 시스템 및 방법
KR101207694B1 (ko) * 2012-05-16 2012-12-03 주식회사 엘지유플러스 기업형 메시지 서비스를 제공하는 방법 및 장치
KR101675332B1 (ko) * 2015-09-14 2016-11-11 인포뱅크 주식회사 차량용 데이터 통신 방법 및 그를 이용하는 차량용 전자 제어 장치 및 시스템

Also Published As

Publication number Publication date
KR20220005963A (ko) 2022-01-14
WO2022010134A1 (fr) 2022-01-13

Similar Documents

Publication Publication Date Title
US20230155990A1 (en) Message encryption method and electronic device
US11496900B2 (en) Electronic device and method for storing user identification information
US20230100148A1 (en) Electronic device for performing edge computing service, and operating method of electronic device
US20230353555A1 (en) Iot device and method for onboarding iot device to server
US20230345237A1 (en) Electronic device performing wireless communication with accessory device, and operating method thereof
US20240056808A1 (en) Electronic device, and method by which electronic device performs cloud onboarding of external electronic device
US20230291559A1 (en) Electronic device for controlling power consumption of accessory device and operating method therefor
US20230004660A1 (en) Method of processing secure data and electronic device supporting the same
US20220209954A1 (en) Electronic device for sharing id and password, method for operating thereof, and server
EP4274309A1 (fr) Dispositif électronique permettant de réaliser une opération de gestion de réseau, et procédé de fonctionnement associé
US20240121616A1 (en) Apparatus and method for remote control of electronic device
US20240236054A9 (en) Electronic device and method for uploading data of external electronic device in electronic device
US20240137349A1 (en) Electronic device and method for uploading data of external electronic device in electronic device
US20230047571A1 (en) Method of managing electronic devices based on group account and electronic device for providing the same
US20220385722A1 (en) Electronic device for file transfer and operating method thereof
US20240007935A1 (en) Electronic device for sharing function and operating method therefor
EP4395273A1 (fr) Dispositif électronique permettant d'assurer une fonction rcs et son procédé de fonctionnement
US20220224729A1 (en) Electronic device for processing message and operating method thereof
US20230128203A1 (en) Electronic device for performing sa query in wlan system and operating method thereof
EP4328768A1 (fr) Dispositif électronique permettant d'effectuer différents processus d'ouverture de session selon un type d'authentification et son procédé de commande
US20240178990A1 (en) Electronic device for storing secure data and method for operating the same
US20220343747A1 (en) Method and apparatus for providing location alarm service of electronic device
US20230155733A1 (en) Device and method for transmitting response packet
US20220321524A1 (en) Electronic device for allocating ip address of an external electronic device and method for the same
US20240048613A1 (en) Electronic device and method of forming wi-fi peer to peer (p2p) group

Legal Events

Date Code Title Description
AS Assignment

Owner name: SAMSUNG ELECTRONICS CO., LTD., KOREA, REPUBLIC OF

Free format text: ASSIGNMENT OF ASSIGNORS INTEREST;ASSIGNORS:KIM, DOHOON;PARK, SEWON;PARK, JOOKYOUNG;REEL/FRAME:062262/0357

Effective date: 20221227

STPP Information on status: patent application and granting procedure in general

Free format text: DOCKETED NEW CASE - READY FOR EXAMINATION